Siemens released an update and is working on others to mitigate an improper validation vulnerability in its EN100 Ethernet module, according to a report with NCCIC.
The EN100 Ethernet module for the SWT 3000 management platform is affected by security vulnerabilities that could allow an attacker to conduct a denial-of-service attack over the network. Victor Nikitin, Vladislav Suchkov, and Ilya Karpov from ScadaX discovered the vulnerabilities.
The firmware variant IEC 61850 for the EN100 Ethernet module, a communication module for the SWT 3000 management platform, suffers from the remotely exploitable vulnerability in versions prior to 4.33.
In one vulnerability, specially crafted packets sent to Port 102/TCP could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices.
CVE-2018-11451 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
In addition, specially crafted packets to Port 102/TCP could cause a denial-of-service condition in the EN100 module if oscillographs are running. A manual restart is required to recover the EN100 module functionality.
CVE-2018-11452 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.9.
The product sees use mainly in the energy sector and is deployed on a global basis.
No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level could leverage the vulnerability.
Siemens released update v4.33 for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
Siemens identified the following specific workarounds and mitigations users can apply to reduce the risk: Block access to Port 102/TCP.
For additional information see Siemens’ security advisory SSA-325546.